The likelihood of a cyber or ransomware attack is only increasing.
In the
Mitigating the risk of an attack
Planning for an attack is an important part of the risk process. Cunningham says that not all security measures are created equal and it's important for companies to understand which ones will have the most impact in the event of a ransomware attack and to focus on those first.
"And in my opinion, there are four measures to do that are super effective. And in hundreds of cases, I've never seen an organization that was attacked successfully if they had these four measures in place. So, the first measure is, we got to prevent the attack. The most effective measure to prevent the attack is multifactor authentication because it prevents initial access, and it prevents the threat actor from progressing through the attack chain. The next thing we need to be able to do is detect an attack in progress and block it because we're not going to have perfect security. So, we have to understand that even with all the measures we have, we may have an attack. So, we have to have the ability to detect and block that attack."
If an enterprise is attacked, Cunningham says they must have the ability to recover, and this involves immutable backups where the data cannot be deleted. They should also test their recovery process before an actual attack so they can fix problems and understand how long the company could be out of service following an attack.
Lastly, Cunningham recommends that companies have a security risk assessment, which can identify specific risks and help prioritize which factors to focus on first based on how critical they are to the infrastructure.
Listen to the